The threat could come from a variety of places, some say. Many have suggested that Russia, suspected to be behind the recent hack of the Democratic National Committee’s email servers, could compromise our voting systems. Members of the Aspen Institute Homeland Security Group reacted to the DNC hack with a July 28 statement warning that “our electoral process could be a target for reckless foreign governments and terrorist groups.”
Trump and his acolytes are more concerned about Democrats back in the U.S., suggesting in recent days that partisans in urban areas may engage in voter fraud to swing the election to Democrat Hillary Clinton. Trump pointed out on Fox News on August 1 that in 2012 “you had precincts where there were practically nobody voting for the Republican. And I think that’s wrong. I think that was unfair, frankly.”
Election integrity and cybersecurity experts say there are real security vulnerabilities in America’s election system—or, more accurately, systems, as there are more than 9,000 separate state and local jurisdictions that conduct elections around the country. A number of states and municipalities continue to use insecure electronic and/or online voting technologies, despite years of warnings that these systems have bugs and poor security. It’s also true that a motivated individual could, in theory, go to the polls and pretend he or she is someone else, or lie on an absentee ballot.
There are, however, two important caveats. One: Evidence of outright voter fraud of the sort Trump is warning about is extremely rare. Two: Even if a malevolent actor did succeed in meddling with an election—either by hacking into an electronic system or via lower-tech identity fraud—that doesn’t mean he or she could affect the outcome. Doing so would be extremely difficult in large part because of how fragmented the U.S. voting system is.
Jamil Jaffer, director of the Homeland and National Security Law Program at the George Mason University School of Law, says that while the diversity of the voting systems around the country is a weakness in the sense that election technology and security are not uniformly high, “this diversity is actually also a strength from a security perspective, because it presents a diverse set of targets that an attacker would have to contend with in order to have a significant impact, particularly on a national election.” And the targets that a foreign hacker would likely be most interested in disrupting during the presidential election are hotly contested swing states like Ohio, Florida and Pennsylvania—states where the race is going to be close enough that flipping some votes could alter who wins the state, and where winning the state could mean winning the White House. The good news is that most of the states where the stakes are highest have made significant upgrades to their election systems in recent years.
Pam Smith, president of Verified Voting, a nonprofit group that advocates for accurate and fair elections, says Ohio and Florida, in particular, have “been making all the moves in the right direction” after grappling with major voting crises last decade. Many counties in Ohio still use electronic voting machines, which provide the potential for hacking. But they require physical paper records of voters’ ballots, known as voter verifiable paper audit trails, which allow voters to confirm their votes were recorded correctly and also allow election officials to audit the vote tallies. Smith says Ohio has also implemented a number of other provisions to safeguard its elections, including having emergency paper ballots on hand at polling places, conducting audits and barring its voting systems from being connected to the internet, which could allow a hacker to gain access to the machines remotely. Florida, meanwhile, has moved to a predominantly paper ballot system, with only a limited number of electronic voting systems that are being phased out.
Pennsylvania, however, is more of a mixed bag. The majority of Pennsylvania counties still use electronic voting systems without paper printouts, making them much more vulnerable to glitches or intentional meddling that would be more difficult to catch and correct. But it’s also worth noting that a mix of 10 different electronic voting machine models are at use in the state, according to data compiled by Verified Voting, making it that much more complicated for a would-be hacker to try to alter votes in multiple jurisdictions.
And then there’s online voting, which is primarily used for overseas and military voters. This is the most vulnerable of all types of voting, and the most difficult to verify or audit, experts say. More than half of U.S, states use it, but Smith says a number of states have become stricter about who is eligible to participate in online voting, including the swing state of Colorado. “It’s a small percentage of voters who would be eligible to use this,” says Smith, but “it’s still a concern.”
Of bigger concern are voter registration databases. Illinois’s online voter registration system was hacked on July 12, and according to the Associated Press, the election board believes the attack came from a foreign source. It claims no voter information was altered. Those kinds of hacks are more likely to be detected, and thus less likely to throw an election, but erasing voter rolls could certainly create chaos on Election Day.
Speaking at a breakfast this week in Washington, D.C., Director of Homeland Security Jeh Johnson told reporters he wants local governments to do more to protect against cyberthreats to the election. Johnson said he is “considering communicating with election officials around the country about best practices in the short term” for shoring up election security for 2016. In the longer term, Johnson said, “I do think we should carefully consider whether our election system, our election process, should be considered ‘critical infrastructure.’” That legal designation would prompt the federal government to bring more resources and attention to protecting voting systems.
That would be particularly useful for the third of U.S. states whose voting systems Verified Voting rated as “needs improvement” or “inadequate” in 2012. Most are in the Midwest or South and are unlikely to swing a national election. But stealing a local or state race is still a breach of democracy, and it could also raise suspicions that, perhaps, other results were tampered with too. That could cast a cloud over the election as a whole.
That’s essentially what Trump did this week when he asserted on Fox News, without citing specific evidence, “I’m telling you, November 8, we’d better be careful, because that election is going to be rigged. And I hope the Republicans are watching closely, or it’s going to be taken away from us.” That statement, it’s pretty clear, was intended to fan conservatives’ fears about voter fraud, an issue that has prompted a stream of voter ID laws and other voting restrictions in recent years. But numerous comprehensive studies have found very few cases of voter fraud over the years, and all of it was small in scale. Just in the past few weeks, courts have struck down voting restrictions in Kansas, North Carolina, North Dakota, Texas and Wisconsin, arguing the lack of evidence of voter fraud suggested the laws were intended to discriminate, not protect.
The upshot is it’s highly unlikely a person or group could actually steal the presidential election. Convincing people it’s been stolen is easier, however, and the results could be almost as bad.